Correct previous commit
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6536 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6110ef3aa7
commit
c9593ebf2f
@ -1379,6 +1379,8 @@ sub get_interface_nets ( $ ) {
|
|||||||
#
|
#
|
||||||
# This function provides a uniform way to generate rules (something the original Shorewall sorely needed).
|
# This function provides a uniform way to generate rules (something the original Shorewall sorely needed).
|
||||||
#
|
#
|
||||||
|
# Returns the destination interface specified in the rule, if any.
|
||||||
|
#
|
||||||
sub expand_rule( $$$$$$$$$$ )
|
sub expand_rule( $$$$$$$$$$ )
|
||||||
{
|
{
|
||||||
my ($chainref , # Chain
|
my ($chainref , # Chain
|
||||||
@ -1526,6 +1528,8 @@ sub expand_rule( $$$$$$$$$$ )
|
|||||||
|
|
||||||
$rule .= match_dest_dev( $diface );
|
$rule .= match_dest_dev( $diface );
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$diface = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $origdest ) {
|
if ( $origdest ) {
|
||||||
@ -1725,6 +1729,8 @@ sub expand_rule( $$$$$$$$$$ )
|
|||||||
$chainref->{loopcount}--;
|
$chainref->{loopcount}--;
|
||||||
add_command $chainref, 'done';
|
add_command $chainref, 'done';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$diface;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
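Review bot: The new return value is delivered by a bare `$diface;` as the last statement of expand_rule, so callers only receive it when control falls off the end of the function; an explicit `return $diface;` would make that contract visible. Most of the function body lies outside the visible hunks, so it is worth confirming that no earlier exit path returns something else, because process_tc_rule now relies on this result to validate the class/device association. The header comment could also say that an empty string is returned when the rule names no destination interface, which is what the added `$diface = '';` branch suggests.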
|
@ -121,6 +121,8 @@ our @tccmd = ( { match => sub ( $ ) { $_[0] eq 'SAVE' } ,
|
|||||||
|
|
||||||
our %classids;
|
our %classids;
|
||||||
|
|
||||||
|
our @deferred_rules;
|
||||||
|
|
||||||
sub process_tc_rule( $$$$$$$$$$ ) {
|
sub process_tc_rule( $$$$$$$$$$ ) {
|
||||||
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
|
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
|
||||||
|
|
||||||
@ -135,6 +137,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
my $tcsref;
|
my $tcsref;
|
||||||
my $connmark = 0;
|
my $connmark = 0;
|
||||||
my $classid = 0;
|
my $classid = 0;
|
||||||
|
my $device;
|
||||||
|
|
||||||
if ( $source ) {
|
if ( $source ) {
|
||||||
if ( $source eq $firewall_zone ) {
|
if ( $source eq $firewall_zone ) {
|
||||||
@ -161,7 +164,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/;
|
fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/;
|
||||||
|
|
||||||
if ( $config{TC_ENABLED} eq 'Internal' ) {
|
if ( $config{TC_ENABLED} eq 'Internal' ) {
|
||||||
fatal_error "Unknown Class ($original_mark)}" unless $classids{$original_mark};
|
fatal_error "Unknown Class ($original_mark)}" unless ( $device = $classids{$original_mark} );
|
||||||
}
|
}
|
||||||
|
|
||||||
$chain = 'tcpost';
|
$chain = 'tcpost';
|
||||||
@ -218,17 +221,22 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
expand_rule
|
if ( my $result = expand_rule(
|
||||||
ensure_chain( 'mangle' , $chain ) ,
|
ensure_chain( 'mangle' , $chain ) ,
|
||||||
NO_RESTRICT ,
|
NO_RESTRICT ,
|
||||||
do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) . do_tos( $tos ) ,
|
do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) . do_tos( $tos ) ,
|
||||||
$source ,
|
$source ,
|
||||||
$dest ,
|
$dest ,
|
||||||
'' ,
|
'' ,
|
||||||
"-j $target $mark" ,
|
"-j $target $mark" ,
|
||||||
'' ,
|
'' ,
|
||||||
'' ,
|
'' ,
|
||||||
'';
|
'' ) ) {
|
||||||
|
#
|
||||||
|
# expand_rule() returns destination device if any
|
||||||
|
#
|
||||||
|
fatal_error "Class Id $original_mark is not associated with device $result" if $classid && $device ne $result;
|
||||||
|
}
|
||||||
|
|
||||||
progress_message " TC Rule \"$line\" $done";
|
progress_message " TC Rule \"$line\" $done";
|
||||||
|
|
||||||
@ -490,7 +498,7 @@ sub setup_traffic_shaping() {
|
|||||||
# add filters
|
# add filters
|
||||||
#
|
#
|
||||||
if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
|
if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
|
||||||
add_rule ensure_chain( 'mangle' , 'tcpost' ), " -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
|
push @deferred_rules, " -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
|
||||||
} else {
|
} else {
|
||||||
emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
|
emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
|
||||||
}
|
}
|
||||||
@ -587,6 +595,10 @@ sub setup_tc() {
|
|||||||
|
|
||||||
$comment = '';
|
$comment = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for ( @deferred_rules ) {
|
||||||
|
add_rule ensure_chain( 'mangle' , 'tcpost' ), $_;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
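Review bot: In process_tc_rule the new check `if $classid && $device ne $result` reads `$device`, which is assigned only inside the `$config{TC_ENABLED} eq 'Internal'` branch and is otherwise left undefined by `my $device;`. If `$classid` can be set while TC_ENABLED has another value (the code that sets it is outside the visible hunks), the comparison against undef is true for any destination interface, so a valid rule would be rejected with a misleading message and an uninitialized-value warning. Guarding on the lookup having happened avoids that: `if $classid && defined $device && $device ne $result;`. The message on the lookup line also carries a stray closing brace, `"Unknown Class ($original_mark)}"`.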
|